CVE-2024-27181

CWE-269Improper Privilege Management4 documents4 sources
Severity
8.8HIGH
EPSS
0.3%
top 43.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache Software Foundation Apache Linkis Basic Management ServicesApache Linkis
Timeline
PublishedAug 2

Description

In Apache Linkis <= 1.5.0, Privilege Escalation in Basic management services where the attacking user is a trusted account allows access to Linkis's Token information. Users are advised to upgrade to version 1.6.0, which fixes this issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

NVDapache/linkis< 1.6.0

🔴Vulnerability Details

3
GHSA
Apache Linkis vulnerable to privilege escalation2024-08-02
CVEList
Apache Linkis Basic management services: Privilege Escalation Attack vulnerability2024-08-02
OSV
Apache Linkis vulnerable to privilege escalation2024-08-02
CVE-2024-27181 (HIGH CVSS 8.8) | In Apache Linkis <= 1.5.0 | cvebase.io